SAML Authentication

Develop SAML-enabled registration for Android.

To implement SAML-enabled registration:
  • Set the runtime settings
  • Integrate with SAP Mobile Place

MAF Logon

Using MAF Logon is the simplest and recommended way to use SAML-protected resources. By default, MAF Logon uses Mobile Place and gets the configuration based on the end user's e-mail address. Once you integrate MAF Logon into your application, you have completed SAML enablement on the client side. To use a different setup, use the MAF Logon runtime configuration to enable the SAML flow. SAML support is integrated with the HttpConversation library via the IManagerConfigurator that is object exposed by the LogonUIFacade class. Refer to the documentation of these classes and to that of the HttpConversationManager class.

Use the logonUIFacade.setDefaultValue(String,String) method to set the runtime configuration. For example:
logonUIFacade.setDefaultValue(SharedPreferenceKeys.PREFERENCE_ID_SUPSERVERPORT.toString(), <PORT>);
logonUIFacade.setDefaultValue(SharedPreferenceKeys.PREFERENCE_ID_HTTPSSTATUS.toString(), <TRUE/FALSE>);
List<AuthConfig> authConfs = new ArrayList<AuthConfig>();
Saml2Config samlConfig = new Saml2Config() {

   public String getAuthHeaderName() {
      //By default in SAP HANA Cloud Platform, this is the HTTP header key
      //sent by the platform to tag a SAML Response
      return "";

   public String getFinishEndpointUri() {
      //By default this is the endpoint path where the redirect will happen
      //upon a successful SAML Authentication
      return "/SAMLAuthLauncher";

   public String getFinishEndpointRedirectParam() {
      //By default this is the URL parameter that will be set when the SAMLAuthLauncher 
      //redirect happens on the Service Provider
      return "finishEndpointParam";

SAML authenticaiton URL (optional) - If the backend server supports SAML authentication, the server can respond using an HTTP-POST binding.

The HTTP-REDIRECT binding is also supported. For details, see the Native OData Logon APIs that are installed with the SDK.

To enable the binding on the server, set Single Sign-on Binding to HTTP-REDIRECT, when you are configuring settings for the SAML2 trusted identity provider.